hi Mark--
On November 14, markb@ordern.com said:
> It would be good if sshd could detect such break in attempts and
> simply not accept the connections. I can imagine having a simple
> mechanism that counts the number of login attempts from a given IP
> address and if so many are attempted in a short time period, that IP
> address is blacklisted for a while.
I don't think this functionality belongs in openssh.
This sort of policy has been implemented in a more generalized way
than ssh could do on its own. There are programs which read
logfiles, and block IP addresses based on the contents. One such
implementation is fail2ban:
http://fail2ban.sourceforge.net/
which comes with a standard set of rules for dealing with openssh
logs, and blocking IPs using the linux netfilter rulesets. I'm sure
it's adaptable to pf or whatever other filtering setup you are already
using.
hth,
--dkg
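The log-watching approach dkg describes, as an added illustration that is not code from this thread or from fail2ban: it parses constructed sshd "Failed password" lines, counts failures per source IP inside a sliding time window, and records a temporary ban when the threshold is reached. The option names maxretry/findtime/bantime mirror fail2ban's jail settings; the values and the sample log are chosen for the example, and the syslog year (which the log omits) is assumed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the "Failed password" line sshd writes to the auth log (syslog format, no year).
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)

def parse_failures(lines, year=2004):
    """Yield (timestamp, ip) for each failed-password line; other lines are ignored.
    The year is an assumption, because syslog timestamps do not carry one."""
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
            yield ts, m.group("ip")

def find_offenders(lines, maxretry=5, findtime_s=600, bantime_s=1800):
    """Return {ip: ban_expiry} for IPs with >= maxretry failures within findtime_s seconds.
    Per-IP sliding window: only failures newer than findtime_s before the current one count.
    The ban lasts bantime_s seconds from the failure that triggered it (first trigger wins)."""
    recent = defaultdict(list)
    bans = {}
    for ts, ip in sorted(parse_failures(lines)):
        recent[ip] = [t for t in recent[ip] + [ts] if (ts - t).total_seconds() <= findtime_s]
        if len(recent[ip]) >= maxretry and ip not in bans:
            bans[ip] = ts + timedelta(seconds=bantime_s)
    return bans

# Constructed sample log lines (hostnames, PIDs and addresses are made up for the example).
SAMPLE_LOG = """\
Nov 14 10:00:01 host sshd[1001]: Failed password for root from 10.0.0.5 port 40000 ssh2
Nov 14 10:00:03 host sshd[1002]: Failed password for invalid user admin from 10.0.0.5 port 40001 ssh2
Nov 14 10:00:05 host sshd[1003]: Failed password for root from 10.0.0.5 port 40002 ssh2
Nov 14 10:00:07 host sshd[1004]: Failed password for root from 10.0.0.5 port 40003 ssh2
Nov 14 10:00:09 host sshd[1005]: Failed password for root from 10.0.0.5 port 40004 ssh2
Nov 14 10:00:10 host sshd[1006]: Accepted publickey for alice from 192.168.1.7 port 50000 ssh2
Nov 14 10:05:00 host sshd[1007]: Failed password for bob from 192.168.1.7 port 50001 ssh2
Nov 14 11:30:00 host sshd[1008]: Failed password for bob from 192.168.1.7 port 50002 ssh2
""".splitlines()

if __name__ == "__main__":
    # A real deployment would hand each banned IP to the packet filter (netfilter, pf, ...)
    # and lift the rule again once the expiry passes; here we just report the decision.
    for ip, until in find_offenders(SAMPLE_LOG).items():
        print(f"ban {ip} until {until:%Y-%m-%d %H:%M:%S}")
```

With the defaults, 10.0.0.5 is banned after its fifth failure in eight seconds, while 192.168.1.7's two failures 85 minutes apart never fall inside one window.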
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev